Recently, as portable terminal devices represented as smart phones have higher performance, various applications are installed in the portable terminal devices as in computers. Meanwhile, it is an important subject to detect an application that illegally operates because an application operating in a portable terminal device includes a computer virus or malware that executes a malicious action.
In software for detecting a computer virus operating in a computer, etc., a method of detecting whether a malicious application has not been installed and whether a suspicious movement has been checked using virus detection software operating in a computer is commonly used.
In a portable terminal device, however, schemes different from those of a computer have been proposed because the portable terminal device has limited hardware resources.
For example, Patent Document 1 discloses technology in which a user's mobile phone accesses a content server before downloading content, the content server sends the content to a virus check server, and the virus check server checks the content.
Patent Document 2 discloses a system in which a monitoring device monitors the software state of a terminal device that has accessed a network. The monitoring device of this system includes a first DB for storing information about the features of software that is defined to include information about the features of a file, that is, a cause of weakness, or a file generated when malware is infected. Furthermore, the terminal device includes a second DB for sequentially obtaining information about the features of files therein and storing the obtained information. The monitoring device sends the feature information stored in the first DB, together with a verification request, to the terminal device over a network. The terminal device verifies whether or not a file related to the feature information is present by searching the second DB and sends a result of the search to the monitoring device. The monitoring device determines the weakness of the terminal device or a malware infection situation based on the received verification result and prevents the expansion of damage by controlling access.
Patent Document 3 discloses technology in which a mail storage unit for storing the same mail as mail transmitted from a mail server to a client terminal is provided and a virus hidden in the mail stored in the mail storage unit is detected after a virus definition file has been updated.
Patent Document 4 discloses technology in which information about virus check means and a virus definition file used to perform a virus check on a file once are attached and whether it is necessary to execute a virus check or not is determined by determining whether or not the same virus check means and virus definition file are used in a next virus check.